Creating a Facebook-like profile badge

You know what a Facebook profile badge is, right? (If not, just look at my Facebook profile badge here on the sidebar.) Well, creating a profile badge like that is really easy. Here I created a small script to show the basics of how this thing works. So, here is the profile badge class:

<?php
class profile_badge{
	public static function calc_image_height($strs,$limit){
		$total_line=0;

		foreach($strs as $str){
			$len=strlen($str);
			$div=(int)($len/$limit);
			$mod=$len%$limit;
			if($mod>0){
				$total_line=$total_line+$div+1;
			}else{
				$total_line=$total_line+$div;
			}
		}

	return ($total_line*15)+40;
	}

	public static function get_badge($text_name,$text_email){
	$CHARLIMIT=19;
	$label_name='Name:';
	$label_email='Email:';

	$logo="http://127.0.0.1/logo_fade.jpg";
	$extra=profile_badge::calc_image_height(array($text_name,$text_email),$CHARLIMIT);

	list($width,$height)=getimagesize($logo);
	$im=imagecreatefromjpeg($logo);

	$bg=imagecreatetruecolor($width,$height+$extra);

	$black=imagecolorallocate($bg,0,0,0);
	$white=imagecolorallocate($bg,255,255,255);
	$gray=imagecolorallocate($bg,124,124,124);
	$bdr=imagecolorallocate($bg,218,218,218);

	imagecopymerge ($bg,$im,0,0,0,0,$width,$height,100);

	imagefilledrectangle ($bg,0,$height,$width,$height+$extra,$white);
	imagerectangle ($bg,0,0,$width-1,$height+$extra-1,$bdr);

	$font='tahoma.ttf';
	$pad=15;
	$text_pos=$height+$pad;
	imagettftext($bg, 10,0,5, $text_pos, $black, $font, $label_name);
	$text_pos=$text_pos+$pad;

	if(strlen($text_name)<=$CHARLIMIT){
		imagettftext($bg, 10,0,5, $text_pos, $gray, $font, $text_name);
		$text_pos=$text_pos+$pad;
	}else{
		$name_array=str_split($text_name,$CHARLIMIT);
		foreach($name_array as $text_name){
			imagettftext($bg, 10,0,5, $text_pos, $gray, $font, $text_name);
			$text_pos=$text_pos+$pad;
		}
	}

	imagettftext($bg, 10,0,5, $text_pos, $black, $font, $label_email);
	$text_pos=$text_pos+$pad;

	if(strlen($text_email)<=$CHARLIMIT){
		imagettftext($bg, 10,0,5, $text_pos, $gray, $font, $text_email);
		$text_pos=$text_pos+$pad;
	}else{
		$email_array=str_split($text_email,$CHARLIMIT);
		foreach($email_array as $text_email){
			imagettftext($bg, 10,0,5, $text_pos, $gray, $font, $text_email);
			$text_pos=$text_pos+$pad;
		}
	}

	return $bg;
	}
}

Notice line 25: yes, that's my site's logo image URL. Also notice line 43: yes, this is my font file. You can use your own font of choice there. OK, now include that class and call its get_badge function this way:

$name='Mahabubul Hasan';
$email='uzzal.me@gmail.com';

$bg=profile_badge::get_badge($name,$email);

header("Content-type: image/png");
imagepng($bg);
imagedestroy($bg);

And it generates an output like this:

Isn't it cool? 😉
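The badge canvas grows with the length of the name and e-mail (15px per wrapped line), so a caller that feeds request data into get_badge should bound that text first. A sketch of such a check, as an added example that is not part of the original post; check_badge_text() and the 160px ceiling are assumptions, and the sample inputs are constructed:

```php
<?php
// Added example, not from the original post. check_badge_text() and the
// height ceiling are illustrative; the wrap width and height formula mirror
// $CHARLIMIT and calc_image_height() in the class above.

function check_badge_text($name, $email, $max_height = 160) {
    $charlimit = 19;

    // Drop control characters so they never reach imagettftext().
    $name  = trim(preg_replace('/[\x00-\x1F\x7F]/', '', $name));
    $email = trim($email);

    if ($name === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }

    // Same arithmetic as calc_image_height(): 15px per wrapped line plus 40px.
    $lines  = ceil(strlen($name) / $charlimit) + ceil(strlen($email) / $charlimit);
    $height = $lines * 15 + 40;
    if ($height > $max_height) {
        return false;   // refuse text that would inflate the canvas
    }

    return array($name, $email);
}

// Constructed inputs: the post's own values, then an oversized name.
var_dump(check_badge_text('Mahabubul Hasan', 'uzzal.me@gmail.com'));
var_dump(check_badge_text(str_repeat('A', 100000), 'uzzal.me@gmail.com'));
```

Only the array returned by the check should be passed on to profile_badge::get_badge().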

Are you aware of Y2K38?

Okay, let me first explain the term Y2K38, also called the Unix Millennium bug or the year 2038 problem. It is a computer programming problem with dates (similar to Y2K) which says that all programs and software are going to crash near or after 2038. You will find a Wikipedia definition here. Okay, look at some PHP code and its output:

$timestamp=mktime(0, 0, 0, 01 , 01, 2009);
echo date("F j, Y, g:i a",$timestamp);   // January 1, 2009, 12:00 am

Well, the output shows the expected result. But now notice this code:

$timestamp=mktime(0, 0, 0, 01 , 01, 2039);
echo date("F j, Y, g:i a",$timestamp);  //January 1, 1970, 7:00 am

Yes, the output is a little shocking. This is what they are calling Y2K38. I think we don’t need to worry about it too much; we still have enough time to solve this. The code above was tested in PHP (5.2.9). I also tested the same thing in Java and have found no such problem yet (yes, Java is great!!! :D).

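import java.text.DateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.Locale;
public class Y2K38Test {
	public static void main(String[] args) {
		Calendar cal=Calendar.getInstance();
		cal.set(2059,11,1,0,0,0); // months are zero-based: 11 = December
		Date date=cal.getTime();
		DateFormat df=DateFormat.getDateInstance(DateFormat.FULL,Locale.ROOT);
		String output=df.format(date);
		System.out.println(output); //Monday, December 1, 2059
	}
}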

Notice the input and the output (shown as expected). Yes, we don’t need to worry about it. If we manage to survive until 2038 we will definitely have a solution by then.
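Where the 1970 output in the PHP test comes from, and how to handle it, as an added example that is not part of the original post: on a build with 32-bit integers mktime() returns false for 2039, and date() formats false as timestamp 0. The function names below are illustrative assumptions.

```php
<?php
// Added example, not from the original post; function names are illustrative.

// 2^31 - 1: the last second a signed 32-bit timestamp can represent
// (19 January 2038, 03:14:07 UTC).
define('INT32_MAX', 2147483647);

// Store a second count the way a signed 32-bit field would (two's complement).
function wrap_int32($seconds) {
    $low = fmod($seconds, 4294967296.0);           // keep the low 32 bits
    if ($low < 0) {
        $low += 4294967296.0;
    }
    return (int) ($low >= 2147483648.0 ? $low - 4294967296.0 : $low);
}

// Like mktime(), but refuses to hand false on to date(), which would
// silently format it as timestamp 0 (1 January 1970).
function checked_mktime($hour, $min, $sec, $month, $day, $year) {
    $ts = mktime($hour, $min, $sec, $month, $day, $year);
    if ($ts === false) {
        throw new RangeException("$year-$month-$day does not fit a "
            . (PHP_INT_SIZE * 8) . "-bit timestamp");
    }
    return $ts;
}

date_default_timezone_set('UTC');

echo gmdate('Y-m-d H:i:s', INT32_MAX), "\n";                  // last valid second
echo gmdate('Y-m-d H:i:s', wrap_int32(INT32_MAX + 1)), "\n";  // one second later, wrapped

try {
    echo date('F j, Y, g:i a', checked_mktime(0, 0, 0, 1, 1, 2039)), "\n";
} catch (RangeException $e) {
    echo 'refused: ', $e->getMessage(), "\n";                 // 32-bit builds land here
}

// DateTime keeps 64-bit values internally, so it formats 2039 on any build.
$d = new DateTime('2039-01-01 00:00:00', new DateTimeZone('UTC'));
echo $d->format('F j, Y, g:i a'), "\n";
```

On a 64-bit build checked_mktime() succeeds, so PHP_INT_SIZE is worth checking before timestamps past 2038 are stored or compared as integers.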

Official PHP Coding Standards

Download the official PHP coding standard documentation in PDF format from here.

This file lists several standards that any programmer, adding or changing code in PHP, should follow. Since this file was added at a very late stage of the development of PHP v3.0, the code base does not (yet) fully follow it, but it’s going in that general direction. Since we are now well into the version 4 releases, many sections have been recoded to use these rules.

OWASP* TOP 10

THE TEN MOST CRITICAL WEB APPLICATION SECURITY VULNERABILITIES

  1. Cross Site Scripting (XSS): XSS flaws occur whenever an application takes user supplied data and sends it to a web browser without first validating or encoding that content. XSS allows attackers to execute script in the victim’s browser which can hijack user sessions, deface web sites, possibly introduce worms, etc.
  2. Injection Flaws: Injection flaws, particularly SQL injection, are common in web applications. Injection occurs when user-supplied data is sent to an interpreter as part of a command or query. The attacker’s hostile data tricks the interpreter into executing unintended commands or changing data.
  3. Malicious File Execution: Code vulnerable to remote file inclusion (RFI) allows attackers to include hostile code and data, resulting in devastating attacks, such as total server compromise. Malicious file execution attacks affect PHP, XML and any framework which accepts filenames or files from users.
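The three categories listed above, each paired with its usual defensive pattern in PHP. This is an added example and not part of the OWASP text; the users table, the page map and the sample inputs are constructed, and the PDO sqlite driver is assumed to be installed.

```php
<?php
// Added example, not part of the OWASP text. Table, column, page and
// function names are made up for illustration.

// 1. XSS: encode user-supplied data for the HTML context before sending it.
function render_comment($comment) {
    return '<p>' . htmlspecialchars($comment, ENT_QUOTES, 'UTF-8') . '</p>';
}

// 2. Injection: keep data out of the query text by binding it as a parameter.
function find_user(PDO $db, $email) {
    $stmt = $db->prepare('SELECT id, name FROM users WHERE email = ?');
    $stmt->execute(array($email));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// 3. Malicious file execution: map the request value onto a fixed set of
//    local files instead of passing it to include/require.
function resolve_page($requested) {
    $pages = array(
        'home'  => 'pages/home.php',
        'about' => 'pages/about.php',
    );
    return isset($pages[$requested]) ? $pages[$requested] : $pages['home'];
}

// Constructed data and inputs, one hostile value per category.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$db->exec("INSERT INTO users (name, email) VALUES ('Alice', 'alice@example.com')");

// The markup is emitted as text, not as an executable script element.
echo render_comment('<script>alert(1)</script>'), "\n";

// The quote characters are matched literally against the email column.
echo count(find_user($db, "x' OR '1'='1")), " row(s)\n";

// A URL is not a key of the page map, so the default page is chosen.
echo resolve_page('http://attacker.example/code.txt'), "\n";
```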

PHP implemented in 100% Java

Quercus is Caucho Technology’s 100% Java implementation of PHP 5 released under the Open Source GPL license. Quercus comes with many PHP modules and extensions like PDF, PDO, MySQL, and JSON. Quercus allows for tight integration of Java services with PHP scripts, so using PHP with JMS or Grails is a quick and painless endeavor.

With Quercus, PHP applications automatically take advantage of Java application server features such as connection pooling and clustered sessions.

Quercus implements PHP 5 and a growing list of PHP extensions including APC, iconv, GD, gettext, JSON, MySQL, Oracle, PDF, and Postgres. Many popular PHP applications will run as well as, if not better than, the standard PHP interpreter straight out of the box. The growing list of PHP software certified running on Quercus includes DokuWiki, Drupal, Gallery2, Joomla, Mambo, Mantis, MediaWiki, Phorum, phpBB, phpMyAdmin, PHP-Nuke, WordPress and XOOPS.

Quercus presents a new mixed Java/PHP approach to web applications and services where Java and PHP tightly integrate with each other. PHP applications can choose to use Java libraries and technologies like JMS, EJB, SOA frameworks, Hibernate, and Spring. This revolutionary capability is made possible because
1) PHP code is interpreted/compiled into Java and
2) Quercus and its libraries are written entirely in Java. This architecture allows PHP applications and Java libraries to talk directly with one another at the program level. To facilitate this new Java/PHP architecture, Quercus provides an API and interface to expose Java libraries to PHP.

The Quercus .war file can be run on Java application servers such as Glassfish, i.e. it can be run outside of Resin. This .war file includes the Quercus interpreter and the PHP libraries.

Benefits

Although PHP users and Java users can take advantage of Quercus immediately without modifying their application, the real benefits come from developing mixed Java/PHP applications:

* PHP libraries written in Java are fast, safe, and relatively easy to develop, compared with C libraries. Since Java is the library language, developers won’t need to be paranoid about third-party libraries having C-memory problems or segvs.
* PHP applications can take advantage of Java libraries and capabilities like JMS, SOA frameworks, Hibernate, or Spring. (Or EJB if you really wanted.)
* Java applications can move presentation code to PHP, leaving behind templating systems, or languages with small libraries, and taking advantage of PHP flexibility and capability.

website: http://www.caucho.com
Copied from Caucho & phpimpact